This document provides an overview of a course on Cyber Physical Systems Security. The course will explore security techniques for networks and control systems that integrate technologies like computers, PLCs, interfaces and microprocessor devices. It will examine real threats to industrial automation systems and explore standards-based approaches to protecting these systems. Students will learn about different types of attacks, vulnerability assessments, and techniques for securing networks of devices. The objectives are for students to understand SCADA/ICS components and applications, security guidelines, and how to differentiate and secure against various attacks.
2. Course Description
Cyber Physical Systems Security introduces the techniques, methodologies,
and tools used in building and maintaining secure networks and control
systems.These systems rely on unification of technologies such as
computers, Programmable LogicControllers, operator interfaces, and
microprocessor based devices together into Supervisory, Control and Data
Acquisition (SCADA) or Industrial Control Systems (ICS). After exploring
the real-world threats and vulnerabilities that exist within the industrial
automation and control system architectures, a standards based approach
is explored for the protection of such systems, taking into consideration the
procedural and technical differences between security for traditional IT
environments and those solutions appropriate for SCADA or ICS.
3. Required Texts
Labs
• Arduino One
• Sensor Kit
Bodungen, C. (2016). Hacking Exposed Industrial Control
Systems: ICS and SCADA Security Secrets & Solutions. McGraw-
Hill Education. ISBN: 978-1259589713
4. Introduction
Welcome to the class
Over the next session, we will explore many different facets
of Cyber Physical Systems Security that impact us each and
every day. You will learn how security plays a vital role in this
and what must be done to protect ourselves from the “rise
of the machines.”
5. Objectives
At the end of the course, students should have demonstrated their
ability to:
• Appraise the different components, communication systems, and timing requirements used in SCADA/ICS
• Identify the economic benefits of SCADA/ICS systems
• Illustrate how SCADA/ICS is applied to real world applications
• Evaluate industrial security guidelines
• Differentiate between different types of attacks that can be launched against systems
• Demonstrate different vulnerability assessment procedures
• Demonstrate the techniques for securing a network of devices
7. Terminology
Incident/Exposure – An unauthorized event that could lead a process control
system to deviate from normal operation
Risk – The likelihood that an attack, incident, or exposure could occur and the
severity of impact that it could have on your systems or organization
Threat (a.k.a. “Threat Source”, “Threat Agent”) – The actual source of the
risk. The person or thing that takes advantage of, uses, or causes a
vulnerability, either intentionally or unintentionally
Vulnerability – A set of conditions causing the presence of a weakness, of
which a threat can take advantage. This could be a technical weakness,
procedural weakness, or human weakness
Exploit – 1. n. The means by which a vulnerability is taken advantage of 2. v. To
take advantage of a vulnerability; the attack itself
Attack – The result of the presence of a Threat taking advantage of a
Vulnerability, through a successful Exploit
Attack Vector – The environment in which the attack will take place (e.g.,
physical, operations, cyber, computer memory space, a website, etc.)
8. State of the Industry
SCADA in the past
Isolated from IT
SCADA, ICS, DCS, Industrial Networks all relatively unheard of
Used legacy equipment
SCADA Now
Connectivity to enterprise / IP
New, network-based attack vectors
Increasing use of commercial off-the-shelf (COTS) software
Increased use of Microsoft Windows
Unpatched systems
Brings pre-existing vulnerabilities back
Virus/malware propagation
Flat networks and Dual-homed systems
“IT vs. SCADA”, “Them vs. Us”
Experts Claim “Lost Decade” (in terms of security) Due to “Failure to Act”